Selection

Selecting the Correct CA for You

[1] To decide on the best CA system for your environment, you need to take three key considerations into account. They are explained in the following subsections of this online manual:

the type of user group you have

the type of Certificate this group needs

the technical personnel you have available

Open & Closed User Groups

When deciding on whether the Managed CA[2] or the Managed CA[3] is most suited to you, you should understand the difference between an open and a closed user group. From a CA perspective, this relates to the extent of end user control you have. If the CA exercises some degree of control over the end user’s environment, then it is a closed user group; if it doesn’t, it is an open group.

The following are examples of the two types of user group:

If you have sufficient control over your users and can ensure they all have Outlook® 2003, then this is considered a closed user group

If you issue all the Digi-IDs™ on smart cards, from a CA perspective, you control every aspect of the environment and this is a closed group

If you send thousands of email newsletters to a wide user group, you have no idea what email software they use, so this is an open group

If you have a small group of extranet users that you manage and they trust you, then this could be considered a closed user group

The tax payers in a country all belong to a closed group (tax payers), and the tax authorities can enforce certain practices on its users

An e-Passport [4] issued to a citizen of one country is still valid in another country; this is a closed group because it conforms to international standards [5]

Two friends communicating over the internet, neither knowing the other's software, are an open group because neither controls the other

It is not always immediately obvious whether a group is open or closed and it is important that this is determined accurately if your CA is to meet your precise requirements. If there is any doubt, contact the Digi-CAST1™ Team [6] and ask them to advise you.

The Correct Certificate for the Group

If the user group is closed, then you may be able to use either CA. There are two exceptions to this when you want to secure:

a server using a Secure Sockets Layer [7] (SSL) server Certificate

email using a client certificate [8]

In 99% of cases an SSL Certificate [7] must be Trusted, and if there is any possibility that the secure email [8] is required outside the closed group, then a Trusted Certificate is required here too. In both of these special cases, the Managed CA is your only choice.

Availability of Technical Personnel

The third consideration in selecting the correct CA for your organisation is whether you have suitably trained and experienced technical personnel available to run and operate a CA. Most organisations don’t have this type of specialist staff and are therefore best advised to use a Managed CA to deliver the required service.